Lucene search

trendmicroblogElisa Lippincott (Global Threat Communications)TRENDMICROBLOG:45477ECD0A0F60BA46719A3A87A0DB53
HistoryJul 20, 2018 - 3:24 p.m.

Zero-Day Coverage Update – Week of July 16, 2018

Elisa Lippincott (Global Threat Communications)





One night this week, I came across one of my favorite movies Willy Wonka and the Chocolate Factory. The world had gone crazy after the reclusive Willy Wonka announces that he has hidden five golden tickets in chocolate Wonka Bars that promised a factory tour and a lifetime supply of chocolate. There’s a scene at a school where a teacher, Mr. Turkentine, decides to teach the kids about percentages and uses the Wonka Bars as an example. He asks one student how many Wonka Bars she bought and she replied, “About a hundred.” Mr. Turkentine tells her that there are ten hundreds in a thousand so that’s 10 percent. He asks a couple of other students and the percentages are easy to figure out. Then he asks Charlie Bucket, a poor paperboy, how many Wonka Bars he bought, and he says “Two.” Mr. Turkentine replied, “Two? What do you mean you only opened two? I can’t figure out the percentage for just two, so let’s just pretend you opened two hundred.”

While Mr. Turkentine has trouble with percentages, the Zero Day Initiative (ZDI) doesn’t. This month, Adobe had a bigger than normal patch for their Acrobat product, covering 107 CVEs. 68 of those CVEs came through the ZDI program! I don’t have any trouble figuring out that percentage – that’s 63.6% of the Acrobat vulnerabilities that came through ZDI. The “golden ticket” for Trend Micro customers isn’t a lifetime of chocolate, but preemptive protection against these bugs!

MindshaRE: An Introduction to PyKD

Earlier this week, ZDI researcher Abdul-Aziz Hariri posted a blog covering the topic of using PyKD to help automate debugging tasks and crash dump analysis using Python. His post is part of the MindshaRE blog series that provides insight on various reversing techniques to security researchers and reverse engineers. The blog demonstrates the installation and basic configuration of PyKD and goes on the show how it can be used to execute Python script from inside WinDBG. You can read the full blog here.

Adobe Security Update

This week’s Digital Vaccine (DV) package includes coverage for Adobe updates released on or before July 10, 2018. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month’s security updates from Dustin Childs’ July 2018 Security Update Review from the Zero Day Initiative:

Bulletin # CVE # Digital Vaccine Filter Status
APSB18-21 CVE-2018-5009 32561
APSB18-21 CVE-2018-5010 32562
APSB18-21 CVE-2018-5011 32563
APSB18-21 CVE-2018-5012 32564
APSB18-21 CVE-2018-12799 32670
APSB18-21 CVE-2018-12803 32565
APSB18-21 CVE-2018-5014 32566
APSB18-21 CVE-2018-5015 32567
APSB18-21 CVE-2018-5016 32568
APSB18-21 CVE-2018-5017 32569
APSB18-21 CVE-2018-5018 32570
APSB18-21 CVE-2018-5019 32571
APSB18-21 CVE-2018-5020 32573
APSB18-21 CVE-2018-5021 32574
APSB18-21 CVE-2018-5022 32575
APSB18-21 CVE-2018-5023 32576
APSB18-21 CVE-2018-5024 32577
APSB18-21 CVE-2018-5025 32578
APSB18-21 CVE-2018-5026 32579
APSB18-21 CVE-2018-5027 32580
APSB18-21 CVE-2018-5028 32581
APSB18-21 CVE-2018-5029 32582
APSB18-21 CVE-2018-5030 32583
APSB18-21 CVE-2018-5031 32584
APSB18-21 CVE-2018-5032 32585
APSB18-21 CVE-2018-5033 32586
APSB18-21 CVE-2018-5034 32587
APSB18-21 CVE-2018-5035 32588
APSB18-21 CVE-2018-5036 32589
APSB18-21 CVE-2018-5037 32590
APSB18-21 CVE-2018-5038 32591
APSB18-21 CVE-2018-5039 32592
APSB18-21 CVE-2018-5040 32593
APSB18-21 CVE-2018-5041 32594
APSB18-21 CVE-2018-5042 32595
APSB18-21 CVE-2018-5043 32596
APSB18-21 CVE-2018-5044 32597
APSB18-21 CVE-2018-5045 32598
APSB18-21 CVE-2018-5046 32599
APSB18-21 CVE-2018-5047 32600
APSB18-21 CVE-2018-5048 32601
APSB18-21 CVE-2018-5049 32602
APSB18-21 CVE-2018-5050 32603
APSB18-21 CVE-2018-5051 32604
APSB18-21 CVE-2018-5052 32605
APSB18-21 CVE-2018-5053 32606
APSB18-21 CVE-2018-5054 32607
APSB18-21 CVE-2018-5055 32608
APSB18-21 CVE-2018-5056 32609
APSB18-21 CVE-2018-5057 32610
APSB18-21 CVE-2018-5058 32611
APSB18-21 CVE-2018-5059 32612
APSB18-21 CVE-2018-5060 32613
APSB18-21 CVE-2018-5061 32614
APSB18-21 CVE-2018-5062 32615
APSB18-21 CVE-2018-5063 32616
APSB18-21 CVE-2018-5064 32617
APSB18-21 CVE-2018-5065 32618
APSB18-21 CVE-2018-5066 32619
APSB18-21 CVE-2018-5067 32620
APSB18-21 CVE-2018-5068 32621
APSB18-21 CVE-2018-5069 32622
APSB18-21 CVE-2018-5070 32623
APSB18-21 CVE-2018-12754 32624
APSB18-21 CVE-2018-12755 32625
APSB18-21 CVE-2018-12756 32626
APSB18-21 CVE-2018-12757 32627
APSB18-21 CVE-2018-12758 32628
APSB18-21 CVE-2018-12760 32629
APSB18-21 CVE-2018-12761 32630
APSB18-21 CVE-2018-12762 32631
APSB18-21 CVE-2018-12763 32632
APSB18-21 CVE-2018-12764 32633
APSB18-21 CVE-2018-12765 32634
APSB18-21 CVE-2018-12766 32635
APSB18-21 CVE-2018-12767 32636
APSB18-21 CVE-2018-12768 32637
APSB18-21 CVE-2018-12770 32638
APSB18-21 CVE-2018-12771 32639
APSB18-21 CVE-2018-12772 32640
APSB18-21 CVE-2018-12773 32641
APSB18-21 CVE-2018-12774 32642
APSB18-21 CVE-2018-12776 32643
APSB18-21 CVE-2018-12777 32644
APSB18-21 CVE-2018-12779 32645
APSB18-21 CVE-2018-12780 32646
APSB18-21 CVE-2018-12781 32647
APSB18-21 CVE-2018-12782 32648
APSB18-21 CVE-2018-12783 32649
APSB18-21 CVE-2018-12784 Vendor Deemed Reproducibility or Exploitation Unlikely
APSB18-21 CVE-2018-12785 32650
APSB18-21 CVE-2018-12786 32651
APSB18-21 CVE-2018-12787 32652
APSB18-21 CVE-2018-12788 32653
APSB18-21 CVE-2018-12789 32654
APSB18-21 CVE-2018-12790 32655
APSB18-21 CVE-2018-12791 32656
APSB18-21 CVE-2018-12792 32657
APSB18-21 CVE-2018-12802 Vendor Deemed Reproducibility or Exploitation Unlikely
APSB18-21 CVE-2018-12793 32658
APSB18-21 CVE-2018-12794 32659
APSB18-21 CVE-2018-12795 32660
APSB18-21 CVE-2018-12796 32661
APSB18-21 CVE-2018-12797 32662
APSB18-21 CVE-2018-12798 32663
APSB18-24 CVE-2018-5007 32559
APSB18-24 CVE-2018-5008 32560

Zero-Day Filters

There are no new zero-day filters in this week’s Digital Vaccine (DV) package. A number of existing filters in this week’s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of published advisories and upcoming advisories on the Zero Day Initiative website. You can also follow the Zero Day Initiative on Twitter @thezdi and on their blog.

Missed Last Week’s News?

Catch up on last week’s news in my weekly recap.

The post Zero-Day Coverage Update – Week of July 16, 2018 appeared first on .